Pete Recommends – Weekly highlights on cyber security issues, May 7, 2023

Subject: PrivateAI’s PrivateGPT aims to combat ChatGPT privacy concerns
Source: VentureBeat

Today, data privacy provider Private AI, announced the launch of PrivateGPT, a “privacy layer” for large language models (LLMs) such as OpenAI’s ChatGPT. The new tool is designed to automatically redact sensitive information and personally identifiable information (PII) from user prompts.PrivateAI uses its proprietary AI system to redact more than 50 types of PII from user prompts before they’re submitted to ChatGPT, repopulating the PII with placeholder data to allow users to query the LLM without exposing sensitive data to OpenAI.

Subject: China has 50 hackers for every FBI agent says Bureau boss
Source: The Register

China has 50 hackers for every one of the FBI’s cyber-centric agents, the Bureau’s director told a congressional committee last week.

Speaking at the House Appropriations Committee’s subcommittee on Commerce, Justice, Science, and Related Agencies, director Christopher Wray tried to justify the Bureau’s budget request by outlining the threats it is trying to counter.

“A key part of the Chinese government’s multi-pronged strategy to lie, to cheat, and to steal their way to surpassing us as the global superpower is cyber,” Wray claimed. “The scale of the Chinese cyber threat is unparalleled. They’ve got a bigger hacking program than every other major nation combined and have stolen more of our personal and corporate data than all other nations big or small combined.”

“To give you a sense of what we’re up against: If each one of the FBI’s cyber agents and intel analysts focused exclusively on the China threat – on nothing but China – Chinese hackers would still outnumber FBI cyber personnel by at least 50 to 1.”


Similar topics

Subject: Amazon Clinic patients must sign away some privacy rights under HIPAA
Source: Washington Post

You agreed to what? The ‘HIPAA authorization’ for Amazon’s new low-cost clinic offers the tech giant more control over your health data.

Subject: Biden Administration to Investigate Worker Surveillance Software
Source: Gizmodo

Is your employer monitoring your mouse clicks, keystrokes, or webcam? What about your location or pace of work? If so, the White House wants to hear from you—from the confines of your digitally enabled professional panopticon.

On this fine May Day (a.k.a. International Workers’ Day), the Biden Administration’s Office of Science and Technology Policy has released a public request for information (RFI) regarding worker surveillance and all the various ways employers are attempting to automate productivity tracking.

“Employers are increasingly investing in technologies that monitor and track workers, and making workplace decisions based on that information,” wrote Deidre Mulligan, the OSTP’s deputy chief, in a Monday blogpost. “While these technologies can benefit both workers and employers in some cases, they can also create serious risks to workers.”

The post goes on to outline some of the various harms such surveillance can have.

Subject: Apple and Google Collaborate on Anti-Stalker Tech
Source: Phone Scoop

Apple and Google have announced a new industry standard that will enable cross-platform alerts when people are potentially being tracked without their consent using any popular Bluetooth location-tracking device, regardless of manufacturer. For example, this would allow someone to receive an alert on their Android phone when an unknown Apple AirTag seems to be following them, or the same for an Apple iPhone and a Samsung SmartTag. …

Subject: So long passwords, thanks for all the phish
Source: Google Blog Blog: “Starting today, you can create and use passkeys on your personal Google Account. When you do, Google will not ask for your password or 2-Step Verification (2SV) when you sign in Passkeys are a more convenient and safer alternative to passwords. They work on all major platforms and browsers, and allow users to sign in by unlocking their computer or mobile device with their fingerprint, face recognition or a local PIN….

Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.

Subject: 10 Million Blacklight Scans Later, Here’s What You Found
Source: The Markup

Nearly three years ago we launched Blacklight, an online tool that allows users to enter any website and find out what tracking technologies are present and who gets the visitor data they collect.

Blacklight was created with one guiding premise: that it would be more powerful to show people, in real time, how they were being tracked online than to merely tell them such tracking was happening. … scanned 80,000 popular websites with Blacklight and found that nearly 90 percent of them had some sort of third-party tracker. Aaron also published a guide for readers on what to do if, after using Blacklight to scan a website, you find the results to be horrifying.

To recognize this month’s milestone, we want to highlight just a few of the projects that have used Blacklight:

The pervasiveness of the tracking uncovered by Blacklight can feel daunting. But, like other Markup tools that followed, Blacklight gives people some degree of control over how they engage with the digital world. As Surya said at the time of Blacklight’s launch, “We want readers to have a sense of agency—not apathy.”



Subject: You Can’t Trust Your Browser’s ‘Lock’ to Tell You a Website Is Safe
Source: Lifehacker

Lifehacker – “Google is doing away with the lock, because it never meant what you thought it meant. When you browse the internet, you probably notice a small lock icon that appears in the URL bar. It’s common internet security advice to look for this lock whenever visiting a new site, to make sure your connection is actually secure. Google, however, announced it will retire the lock, since it doesn’t think it serves the security purpose it once did. So, how will you be able to tell if a site is safe going forward? Google has a plan…”

Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.

Subject: FTC: Facebook misled parents, failed to guard kids’ privacy
Source: AP via WHYY / PBS

U.S. regulators say Facebook misled parents and failed to protect the privacy of children using its Messenger Kids app, including misrepresenting the access it provided to app developers to private user data.

As a result, The Federal Trade Commission on Wednesday proposed sweeping changes to a 2020 privacy order with Facebook — now called Meta — that would prohibit it from profiting from data it collects on users under 18. This would include data collected through its virtual-reality products. The FTC said the company has failed to fully comply with the 2020 order.

Meta would also be subject to other limitations, including with its use of face-recognition technology and be required to provide additional privacy protections for its users.

Facebook launched Messenger Kids in 2017, pitching it as a way for children to chat with family members and friends approved by their parents. The app doesn’t give kids separate Facebook or Messenger accounts. Rather, it works as an extension of a parent’s account, and parents get controls, such as the ability to decide with whom their kids can chat.

Subject: White House federal agency AI guidelines may focus on pilots and info sharing
Source: FedScoop

The White House’s guidance for federal agencies using artificial intelligence that will be issued later this summer is likely to focus on gathering and sharing information on AI experiments taking place along with best practices learned from such pilot programs.

The Office of Management and Budget (OMB) in its upcoming draft AI policy guidance may focus on gathering empirical data on the use of AI tools within the federal agencies and then sharing best practices and risks from such AI programs, according to Catherine Sharkey, an NYU law professor who is one of the nation’s leading authorities on federal regulatory law.

“I don’t think they’ll lay out any comprehensive policy in the beginning, it first signals OMB’s interest and involvement in having a new explicit focus on regulating AI tools within federal agencies and providing a canvas of AI use in the government followed by best practices,” said Sharkey.

Commerce Secretary Gina Raimondo last week called NIST’s AI Risk Management Framework (AIRMF), which was first released in January, “the “gold standard” for the regulatory guidance of AI technology.

However, NIST’s AI framework and the G7 agreement contrast in some ways with the foundational rights-based framework laid out in the White House’s October 2022 Blueprint for an AI ‘Bill of Rights,’ that some AI experts have advocated as a model for AI regulations going forward.

Subject: NYC Subway Resumes Twitter Alerts
Source: Gizmodo

Public transit shouldn’t be a roller coaster ride but, if you follow New York City’s Metropolitan Transit Authority on Twitter, the past week may have felt like one. The MTA, which runs the U.S.’s largest rapid transit network, is back to posting real-time service alerts and updates on the social media platform.

“We know that customers missed us, so starting today we’ll resume posting service alerts” across multiple accounts, the agency tweeted on Thursday afternoon. “We’re glad that Twitter has committed to offering free API access for public service providers.”

That return comes after about a week-long hiatus where the agency said it would stop tweeting out service info as “the reliability of the platform [could] no longer be guaranteed.” Also, Twitter wanted to charge the MTA about $50,000 per month to post its automated subway alerts, and the public transit authority was not down for it.

That said, the MTA isn’t putting all of its eggs in one basket, and neither should you. The authority noted in its tweets and Rieara’s statement that there are lots of other places riders can and should look for information on service alerts. There is and the agency’s MYmta and TrainTime apps. Screens in stations provide delay announcements and other notices. MTA riders can also sign up for email and SMS alerts.


Posted in: AI, Communications, Criminal Law, Cybercrime, Cybersecurity, E-Commerce, Health, KM, Privacy, Search Engines, Search Strategies, Social Media